<?php
/*
Author: 
Project: EBBS
*//**********************Description**********************/

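include 'library/init.php';
include 'library/header.php';

// Text written over a comment's body when an admin deletes it (used by the
// delete handler further down this page).
$msg = 'Slettet av admin';

// Admin-only page. The logged-on check runs first so getID() is never called
// for an anonymous visitor; the Admin flag is then read from the user row
// itself rather than from anything the client sent.
// NOTE(review): library/header.php is included above this redirect; if it
// emits output, the Location header cannot be sent — confirm against header.php.
if (!$user->loggedOn()) {
    header('Location: index.php');
    exit;
}

$id = $user->getID();
$sql = 'SELECT * from user where UserID =:id';
$sth = $db->prepare($sql);
$sth->bindParam(':id', $id);
$sth->execute();
$row = $sth->fetch();

//sjekk for å hindre url-shit
// fetch() yields false when no row matches; treat that the same as a non-admin
// instead of indexing into a bool (a warning on PHP 8).
if ($row === false || (int) $row['Admin'] !== 1) {
    header('Location: index.php');
    exit;
}

echo $user->getLoginForm(null);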

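//lister flaggede innlegg
// Flagged, not-yet-deleted posts; the query takes no client input.
$sql = 'SELECT * FROM Blogpost WHERE Flagged > 0 AND Deleted = 0';
$sth = $db->prepare($sql);
$sth->execute();

//displays all posts as long as if
while ($row = $sth->fetch()) {
    //*****CHANGE THIS, a certain number of posts by param
    // Title is author-supplied text and the id lands inside an attribute and a
    // query string, so each is escaped for the context it is echoed into.
    $rawId = (string) $row['BlogpostID'];
    $idText = htmlspecialchars($rawId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $idInHref = htmlspecialchars(rawurlencode($rawId), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $title = htmlspecialchars((string) $row['Title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo $idText;
    echo "<a href='post.php?id={$idInHref}'>{$title}</a><br/>";
}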

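// The delete handler runs before the listing so the page rendered for this
// request no longer shows the comment that was just deleted.
if (isset($_POST['commentDel'])) {
    // CommentID comes from the client: accept only an integer so an absent or
    // non-numeric value never reaches the query. It is still bound as a
    // parameter, never interpolated into the SQL string.
    $commentId = filter_var($_POST['CommentID'] ?? null, FILTER_VALIDATE_INT);
    if ($commentId !== false) {
        $sql = 'UPDATE comment SET Deleted = 1, Text=:text WHERE CommentID = :CID';
        $sth = $db->prepare($sql);
        $sth->bindParam(':CID', $commentId);
        $sth->bindParam(':text', $msg);
        $sth->execute();
    }
    // NOTE(review): the delete form below carries no per-session token, so a
    // cross-site POST from another page the admin has open would be accepted
    // here — add a token check once the session layer provides one.
}

//lister flaggede kommentarer
$sql2 = 'Select * from comment where Flagged > 0 AND Deleted = 0';
$sth = $db->prepare($sql2);
$sth->execute();

while ($row = $sth->fetch()) {
    $cid = $row['CommentID'];
    // Username and Text are user-supplied; the id is echoed inside an attribute
    // value. All three are HTML-escaped (the (string) cast also keeps a NULL
    // column from reaching htmlspecialchars).
    $safeCid = htmlspecialchars((string) $cid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $author = htmlspecialchars((string) $row['Username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $text = htmlspecialchars((string) $row['Text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<br/><br/>";
    echo $safeCid;
    echo "<br/>";
    echo "Author: {$author}";
    echo "<br/>";
    echo $text;

    echo "<form method='post' action=''>
    <input type='hidden' name='CommentID' value='{$safeCid}'/>
    <input type='submit' name='commentDel' value='Delete Comment'/></form>";
}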